Well severals things: - maybe we dont wire security in httpejbd layer and we can desire it - you can set yourself this threadlocal with an interceptor for instance or a @WebFilter
2 will fix your issue today but 1 is surely better for a long term fix Le 7 nov. 2014 07:35, "Ulrich Metzger" <ulr...@muehlgasse.de> a écrit : > I get an org.apache.openejb.rest.ThreadLocalSecurityContext in the > UserService, but with an empty UserPrincipal. > I found out, that the ApplicationComposer calls the > ThreadLocalContextManager which creates an empty ThreadLocalSecurityContext > instance. So the question is where to hook in to replace either the > complete manager or the securityContext with a custom one. > > 2014-11-06 19:13 GMT+01:00 Romain Manni-Bucau <rmannibu...@gmail.com>: > > > Hi > > > > You mean you get null? Normally nothing special is needed > > > > > > Romain Manni-Bucau > > @rmannibucau > > http://www.tomitribe.com > > http://rmannibucau.wordpress.com > > https://github.com/rmannibucau > > > > > > 2014-11-06 17:35 GMT+00:00 Ulrich Metzger <ulr...@muehlgasse.de>: > > > Hi list, > > > does anybody know how to mock a SecurityContext which gets injected in > a > > > Service Class exposed as Rest service in a junit test? > > > > > > Here is the Service Class (the get method checks the currently logged > in > > > user): > > > ##################### ... > > > @Path("/user") > > > @Produces(MediaType.APPLICATION_JSON) > > > @Stateless > > > @Lock(LockType.READ) > > > public class UserService { > > > > > > @Context > > > private SecurityContext context; > > > > > > /** > > > * returns logged in user > > > */ > > > @Path("/get") > > > @GET > > > @Lock(LockType.WRITE) > > > public Response get() { > > > try { > > > User user = ((UserPrincipal) > > > context.getUserPrincipal()).getUser(); > > > return Response.ok(getDefaultGson().toJson(user), > > > MediaType.APPLICATION_JSON_TYPE).build(); > > > } catch (Exception e) { > > > logger.debug("no user principal in context"); > > > return Response.status(Status.FORBIDDEN).build(); > > > } > > > } > > > > > > ... ######################### > > > > > > the JUnit tests uses the ApplicationComposer and looks like this: > > > > > > ....######################### > > > > > > @EnableServices(value = "jaxrs") > > > @RunWith(ApplicationComposer.class) > > > > > > public class UserServiceTest { > > > > > > @Module > > > @Classes(value = { UserService.class}, cdi = true) // scan these > > classes > > > public WebApp war() { > > > return new WebApp() // define rest Application > > > .contextRoot("UserServiceTest"); > > > } > > > > > > @Test > > > public void get() throws IOException, NamingException { > > > final Response message = WebClient.create(" > http://localhost:4204 > > ") > > > .path("/UserServiceTest/user/get").get(Response.class); > > > assertEquals(403, message.getStatus()); > > > } > > > > > > ....################### > > > I tried several hours to find an example how to create a > SecurityContext > > > mock in the test, which than is injected in the UserService with no > luck. > > > I hope someone has a hint for me. > > > > > > Uli > > >